1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
6#define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
7
8#include "base/callback.h"
9#include "base/memory/weak_ptr.h"
10#include "crypto/scoped_nss_types.h"
11#include "net/base/net_export.h"
12#include "net/cert/nss_cert_database.h"
13#include "net/cert/nss_profile_filter_chromeos.h"
14
15namespace net {
16
// ChromeOS variant of NSSCertDatabase. An instance is built from a public and
// a private PK11 slot, can later be handed a system slot, and owns an
// NSSProfileFilterChromeOS that is applied when certificates are listed.
//
// NOTE(review): |profile_filter_| is the only mechanism visible in this header
// that narrows the certificate list produced by the base class. How it is
// initialised from the slots, and whether every listing path goes through it,
// is not visible here -- confirm in the .cc file.
class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {
 public:
  // Both scoped slot handles are passed by value.
  NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,
                          crypto::ScopedPK11Slot private_slot);
  virtual ~NSSCertDatabaseChromeOS();

  // Supplies the system TPM slot. That slot is only enabled for certain users.
  // NOTE(review): nothing in this declaration checks which users qualify;
  // presumably the caller decides before calling -- verify at the call sites.
  void SetSystemSlot(crypto::ScopedPK11Slot system_slot);

  // Overrides of the NSSCertDatabase interface.
  virtual void ListCertsSync(CertificateList* certs) OVERRIDE;
  virtual void ListCerts(
      const NSSCertDatabase::ListCertsCallback& callback) OVERRIDE;
  virtual void ListModules(CryptoModuleList* modules,
                           bool need_rw) const OVERRIDE;
  // NOTE(review): the result when SetSystemSlot() was never called is not
  // visible from this header -- confirm in the .cc file.
  virtual crypto::ScopedPK11Slot GetSystemSlot() const OVERRIDE;

  // Known gaps, tracked by the TODOs below: trust setting and deletion are not
  // yet handled correctly for a certificate that exists in multiple slots, and
  // trust setting is not yet handled correctly for a certificate in a
  // read-only slot.
  // TODO(mattm): handle trust setting, deletion, etc correctly when certs exist
  // in multiple slots.
  // TODO(mattm): handle trust setting correctly for certs in read-only slots.

 private:
  // Shared listing routine behind |ListCerts| and |ListCertsSync|. It takes
  // the list that NSSCertDatabase::ListCertsImpl would normally return and
  // additionally filters it by |profile_filter|.
  // Declared static, taking the filter as an argument rather than reading it
  // from an instance, so that it may safely be used on the worker thread.
  static void ListCertsImpl(const NSSProfileFilterChromeOS& profile_filter,
                            CertificateList* certs);

  // Filter applied to certificate listings (see ListCertsImpl()).
  NSSProfileFilterChromeOS profile_filter_;
  // System TPM slot handle; presumably assigned by SetSystemSlot() --
  // confirm in the .cc file.
  crypto::ScopedPK11Slot system_slot_;

  DISALLOW_COPY_AND_ASSIGN(NSSCertDatabaseChromeOS);
};
52
53}  // namespace net
54
55#endif  // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
56